190

After reading about the Cache-Control field of the HTTP header,

I understand that the Cache-Control field in the HTTP response header (server to client) specifies the directives for the intermediate proxy servers/client browser on how to handle the response, by sending different values for the Cache-Control field: private, public, no-cache, or no-store in the response header.

But I don't get why we need to send Cache-Control as a request header (client to server)?

David Klempfner
  • 8,700
  • 20
  • 73
  • 153
Student
  • 4,481
  • 8
  • 27
  • 32
  • As a relevant side note: In my basic testing today, I found that by default, both Chrome v108 and Firefox v107 omit the `Cache-Control` header for standard requests. When pressing the refresh button Chrome sends `Cache-control: max-age=0`, while Firefox does not. When pressing Shift+Refresh, both browsers send `Cache-control: no-cache` which is designed to force a full refresh. I was able to check for this request header on the server to bypass some server-side caching when a user specifically asks for a fresh version of the content. Hope that's useful to someone else out there. – Simon East Jan 15 '23 at 08:13

3 Answers3

160

Cache-Control: no-cache is generally used in a request header (sent from web browser to server) to force validation of the resource in the intermediate proxies. If the client doesn't send this request to the server, intermediate proxies will return a copy of the content if it is fresh (has not expired according to Expire or max-age fields). Cache-Control directs these proxies to revalidate the copy even if it is fresh.

stephent
  • 1,355
  • 15
  • 29
David
  • 4,634
  • 7
  • 35
  • 42
  • 8
    Might be too late here, but except that what are the other uses? Is max-age field used for any purpose? – Sam Jan 01 '16 at 12:39
  • 1
    Why would modern browsers tend to do this? They don't trust the intermediate proxies even though they're behaving according to web standards?? – rogerdpack Feb 17 '17 at 20:00
  • 3
    @rogerdpack no, because they **do** trust them, so they send the header that they **trust** will be honoured to indicate that they have some special reason for requiring greater freshness than most uses need. – Jon Hanna Mar 14 '17 at 16:12
  • @JonHanna but what is their special reason? It seems that most browsers send this with, in essence, ever request for something they don't have cached? – rogerdpack Mar 14 '17 at 19:10
  • 2
    @rogerdpack if you've just done something that you know will have changed the state and want to reflect that, would be a classic case. – Jon Hanna Mar 15 '17 at 09:54
  • 12
    @JonHanna Perhaps you have "disable cache" checked in Chrome Developer tools? :D – Gregory Magarshak Dec 06 '17 at 10:06
  • I work on a CRM where the user is PATCHed then a GET is performed to fetch the fully updated profile, which... I know it should just use the PATCH response but reasons. Anyway, when the GET is called afterwards, if we did not use `Cache-Control: no-cache` then the changes we just made would not be reflected. All other requests respect the cache but immediately after a change you wanna refresh that. – Phil Sturgeon Jan 10 '18 at 10:35
  • @david My browser sends Cache-Control:max-age=0 in the request header. What does it mean. Does it mean that browser will always get the fresh copy irrespective of the previous response-header contain some positive max-age value? – Aniket Jun 22 '18 at 06:34
  • @Sam Late to the game but the [HTTP RFC](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html) section 14.9 specifies where request and response cache directives can be used: - Origin server can specify what is cacheable - Origin server or the user agent can specify what may be stored by a cache - Same for modifications of the basic expiration mechanism - Only user agent controls cache revalidation and reload - Both? can control transformation of entities. - Both? can extend the caching system. – spygi Sep 24 '18 at 21:26
  • This answer might also help: https://stackoverflow.com/a/42653090/5763764 – Radek Matěj Jan 08 '19 at 23:27
  • Say the server doesn't do any sort of caching, but the client would like to do so for performance. Can the client request the browser to cache a HTTP call even if the server doesn't do anything about it? – azizj Mar 20 '20 at 15:09
16

A client can send a Cache-Control header in a request in order to request specific caching behavior, such as revalidation, from the origin server and any intermediate proxy servers along the request path.

bdash
  • 18,110
  • 1
  • 59
  • 91
5

In addition to the above answer,
There might be a setup where cache chaining is implemented. In that case if the request comes to first cache where it is not satisfied, it might go to further chained cache.

Thus in order to get the response always from the server we include cache-control in request headers. This will insure that response is always from the server.

Loui
  • 533
  • 17
  • 33
  • You say "Thus in order to get the response always from the server we include cache-control in request headers. This will insure that response is always from the server." What value of this header would accomplish that? – Don Hatch Jun 30 '16 at 09:58
  • `Cache-Control: no-cache` will tell the proxies to ensure that the response is validated all the way. – mogsie Mar 08 '17 at 08:33